Copyright 1987-2009

Roger Clarke
Xamax Consultancy, Canberra
Visiting Professor – Cyberspace Law & Policy Centre @ UNSW
and at the ANU and the Uni. of Hong Kong

http://www.rogerclarke.com/ID/IdModel-090605 {.html,.ppt}
http://www.rogerclarke.com/ID/IdModelGloss.html

IDIS 2009 – Workshop on Identity in the Information Society
LSE – 5 June 2009

A Sufficiently Rich Model of (Id)entity, Authentication and Authorisation

A Dialect to Support Discourse on 'Identity in the Information Society'

AGENDA
• Preliminaries
• The Model
• The Basic Model
• Identity, Identifier; Entity, Entifier; Nym
• Sample Applications
• (Id)entification
• Authentication
• Authorisation
• Applications of the Model

Preliminaries
• Deep discourse in a domain needs a specialist dialect
• Sufficient richness involves about 50 concepts and relationships among the concepts
• 50 neologisms is too much, so use existing terms
• Existing terms carry a lot of baggage
• Each term:
  • requires explicit definition
  • must be related to other terms in the model
• For each term, the specialist meaning will conflict with the (in most cases, many) existing usages

Identity and Identifier
[Diagram labels: Real World; Abstract World; Identity and Attributes; Identifier + Data-Items; Names; Codes; Roles]

The Entity/ies underlying an Identity
[Diagram labels: Real World; Abstract World; Entity and Attributes; Identity and Attributes; Identifier + Data-Items]

Entity and Entifier
[Diagram labels: Real World; Abstract World; Entity and Attributes; Entifier + Data-Items; Identity and Attributes; Identifier + Data-Items]

Nymity
[Diagram labels: Real World; Abstract World; Entity and Attributes; Record: Entifier + Data-Items; Identity and Attributes; Record: Identifier + Data-Items; Identity and Attributes; Record: Nym + Data-Items; relationship cardinality marks: m, n, 1]

(Id)entification
• Identification
  The process of associating data with a particular Identity
  Achieved by acquiring an Identifier for the Identity
• Entification
  The process of associating data with a particular Entity
  Achieved by acquiring an Entifier for the Entity
• Token
  A recording medium for an Entifier or Identifier
• Identity Silo
  A restricted-purpose Identity, and associated Identifier(s)

Authentication of Assertions
• Authentication: A process that establishes a level of confidence in an Assertion
• Assertion: a proposition relating to ...
• Assertion Types: a fact, the quality of a Data-item, the value of an Entity, the Location of an Entity, an Attribute of an Entity or an Identity, an Entity, or an Identity
• Authenticator: evidence ...
• Credential: a physical or digital Authenticator
• EOI: an Authenticator for Identity Assertions

Authorisation
[Diagram labels: Access Control; Registration; Pre-Authentication of Evidence of Identity or Attribute; Enrolment; Decide Access Permissions; Issue of Authenticator; Permissions Store; Access Control List; Authentication using the Issued Authenticator; Authorisation; Access Control; Register of Authenticators]
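
The stages named in the authorisation diagram, sketched as an added example that is not part of the original slides. The ordering (registration, enrolment, then authentication before authorisation), the digest-only register and all names such as `AccessControl` and `demo_pre_authenticate` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class AccessControl:
    def __init__(self, pre_authenticate):
        self.pre_authenticate = pre_authenticate   # callable(identifier, evidence) -> bool
        self.register_of_authenticators = {}       # identifier -> (salt, digest)
        self.permissions_store = {}                # identifier -> set of (resource, action)

    @staticmethod
    def _digest(salt, authenticator):
        return hashlib.sha256(salt + authenticator.encode()).digest()

    def register(self, identifier, evidence, permissions):
        # Registration: pre-authentication of evidence of identity or attribute.
        if not self.pre_authenticate(identifier, evidence):
            raise PermissionError("evidence not accepted")
        # Enrolment: decide access permissions, then issue an authenticator.
        self.permissions_store[identifier] = set(permissions)
        authenticator = secrets.token_urlsafe(24)
        salt = secrets.token_bytes(16)
        self.register_of_authenticators[identifier] = (salt, self._digest(salt, authenticator))
        return authenticator  # given to the enrolee once; the register keeps only a digest

    def authenticate(self, identifier, authenticator):
        salt, expected = self.register_of_authenticators.get(identifier, (b"", b""))
        return hmac.compare_digest(expected, self._digest(salt, authenticator))

    def authorise(self, identifier, authenticator, resource, action):
        # Permissions are consulted only after authentication succeeds.
        if not self.authenticate(identifier, authenticator):
            return False
        return (resource, action) in self.permissions_store.get(identifier, set())

# Constructed evidence check: accepts one hypothetical staff-card number.
def demo_pre_authenticate(identifier, evidence):
    return (identifier, evidence) == ("alice", "staff-card-0001")

def demo():
    ac = AccessControl(demo_pre_authenticate)
    token = ac.register("alice", "staff-card-0001", [("payroll", "read")])
    return (
        ac.authorise("alice", token, "payroll", "read"),     # enrolled permission
        ac.authorise("alice", token, "payroll", "write"),    # authenticated, not permitted
        ac.authorise("alice", "guess", "payroll", "read"),   # wrong authenticator
        ac.authorise("bob", token, "payroll", "read"),       # never registered
    )
```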

Applications
• Goods
• Packaging
• Animals
• Vehicles
• Devices
• Software
• Organisations
• Humans

Proxies for Humans
• Goods
• Packaging
• Animals
• Vehicles
• Devices
• Software
• Organisations
• Humans

• Personal Goods
• Pets
• Personal Vehicles
• Personal Handhelds
• Reg-Code, IP-Address
• Embedded Chips

Case 1 – Mobile Phones
• Entifier for the Product – model-name, model-number
• Entifier for the Handset – Serial-Number of the device
  • Mobile Equipment Identity (IMEI) – GSM / UMTS
  • Electronic Serial Number (ESN) or Mobile Equipment Identifier (MEID) – CDMA
• Identifier for the Persona – Serial-Number of a chip
  • Subscriber Identity Module (SIM) – GSM / UMTS
  • Removable User Identity Module (R-UIM) or CDMA Subscriber Identity Module (CSIM) – CDMA
  • Universal Subscriber Identity Module (USIM) – 3G
• Proxy-(Id)entifier – MAC Address / NICId, or IP-Address
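
An added example, not part of the original slides, that applies the mobile-phone case to a handful of event records: it shows why the handset Entifier, the persona Identifier and the Proxy-(Id)entifier must be kept as separate keys when correlating logs. The records, field names and function names are constructed, and the many-to-many reading of the handset/persona link is an assumption drawn from the m and n marks in the Nymity diagram.

```python
from collections import defaultdict

# Constructed observations, not real values. Field names are assumptions:
# imei = Entifier for the handset, sim = Identifier for the persona,
# ip = Proxy-(Id)entifier recorded with the event.
OBSERVATIONS = [
    {"imei": "IMEI-A", "sim": "SIM-1", "ip": "198.51.100.7"},
    {"imei": "IMEI-A", "sim": "SIM-2", "ip": "198.51.100.7"},  # second chip in the same handset
    {"imei": "IMEI-B", "sim": "SIM-1", "ip": "203.0.113.9"},   # same chip in a second handset
    {"imei": "IMEI-C", "sim": "SIM-3", "ip": "198.51.100.7"},  # another handset behind the same address
]

def build_links(observations, left, right):
    """Map each value of field `left` to the set of `right` values seen with it."""
    links = defaultdict(set)
    for row in observations:
        links[row[left]].add(row[right])
    return dict(links)

def one_to_many(links):
    """Keep only the keys that are associated with more than one counterpart."""
    return {key: sorted(vals) for key, vals in links.items() if len(vals) > 1}

def candidates(observations, field, value):
    """All (handset, persona) pairs consistent with one observed value."""
    return sorted({(r["imei"], r["sim"]) for r in observations if r[field] == value})

def summarise(observations):
    return {
        "handset_to_personas": one_to_many(build_links(observations, "imei", "sim")),
        "persona_to_handsets": one_to_many(build_links(observations, "sim", "imei")),
        "proxy_to_handsets": one_to_many(build_links(observations, "ip", "imei")),
    }

if __name__ == "__main__":
    for relation, ambiguous in summarise(OBSERVATIONS).items():
        print(relation, ambiguous)
    print(candidates(OBSERVATIONS, "ip", "198.51.100.7"))
```

In this sample the proxy address alone is consistent with three handset/persona pairs, so an event keyed only on it cannot be attributed to one handset or one persona.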

Case 2 – Organisations
• Organisations are non-corporeal, 'shared hallucinations'
• 'Incorporation' is illusory
• A register-entry is evidence, not substantiation
• Entifier
  • name, registration-code
• Identifier
  • business division, business name, brand, logo
• (Id)entity Authentication
  • corporate seal?? signatures??
• All 'corporate acts' are done by human agents, so ...

Case 3 – Humans

Defined Terms in the Model
• entity, identity, anonymity, pseudonymity, nymity, attributes
• record, data item, digital persona, data silo
• (id)entifier, (id)entification, token, nym, anonym, pseudonym, identity silo, multi-purpose / general-purpose identifier
• authentication, authentication strength, assertion, assertion categories, authenticator, credential, (id)entity authentication, evidence of (id)entity, (id)entity credential
• authorisation/permission/privilege, user, loginid/userid/username, account, access control, registration, pre-authentication, enrolment, single sign-on, simplified sign-on, identity management